Internet Security Systems' Web Site Defaced
Hacker group splatters site with antiwar rhetoric.
Remember those Internet Security Systems Inc. television ads that featured hackers targeting unsuspecting corporate networks? On Monday, ISS became the target of attack from a group of hackers calling themselves "Unix Security Guards."
The hackers attacked the site where ISS runs its X-Force Internet Watch program, in which ISS provides free BlackIce personal firewall software to college students and hosts a medium for students to discuss information about BlackIce and how they can protect themselves from hacker attacks. ISS also offers free analysis of trends to the students about attacks against their systems.
- Strengthen Organizational Agility with the Latest Advances in Case Management
- Accelerate Agility Now: WebSphere Application Server v8.5.5 Overview
- Altair Speeds Complex Simulation and Workload Management with the Intel' Xeon Phi Coprocessor
- How Virtualization is Key to Managing Risk
The site, which is not ISS's homepage, is located at http://xfiw.iss.net/.
Apparently, the site wasn't secure. According to Zone-h.org, a site that tracks Internet attacks, the Unix Security Guards took advantage of the now well-known Microsoft WebDAV vulnerability to splatter anti-war rhetoric on the site. On March 17, ISS posted an alert about the WebDAV vulnerability, labeled the vulnerability "very serious," and said because the company had spotted a tool available on the Internet that made it easier for hackers to attack this vulnerability, "fixes or temporary workarounds should be applied immediately."
As of Tuesday morning the site was not available.
"ISS has confirmed that one Web page that was a part of a research project was modified on a noncritical server on an isolated network that provides free copies of BlackIce PC Protection to university students. No further attacks have occurred," ISS said in a statement Tuesday.
However, in a new twist, the security company later said the Web site, while being a legitimate site to exchange security information and download free copies of security software was also an ongoing experiment. "It was a honeypot," an ISS spokeswoman said. "We, as most security companies, have many honeypots for research purposes. It was bait to be hacked," she says.
Honeypots are common security tools in very large organizations and universities. They are placed on the Internet to attract and study hackers in a controlled environment where no critical information is in jeopardy.
ISS's X-Force security research group is well known and highly regarded in security circles. Its researchers have discovered flaws in many common applications. Most recently the group discovered a vulnerability in the popular Sendmail software which is estimated to handle more than 70% of the world's E-mail.
Not surprisingly, security companies and related organizations are popular targets for hackers. Late last month, one member of the hacker group known as Fluffi Bunni dug himself his own hole when he showed-up at the InfoSecurity 2003 conference in London, where British authorities arrested him for his potential involvement in a string of Web-site attacks, including some big names in security.
Fluffi Bunni kicked dirt on a few prominent names in information security when the group defaced the Web sites of security vendor SecurityFocus (now owned by Symantec Corp.), as well as the security training and education organization The SANS Institute and the security-awareness group Attrition.org
Fluffi Bunni, which uses a pink rabbit as its logo, caught the attention of law enforcement shortly after the Sept. 11 terrorist attacks when the group defaced thousands of Web sites with the ominous message: "Fluffi Bunni Goes Jihad."
The group also demanded $5 million in a brown paper bag and "Mr. Bin Laden" to be handed over "If you want to see the Internet again."
Also, last year, the federally funded CERT Coordination Center's Web site was knocked offline by a massive distributed denial of service attack.